New CYBERCOM Chief Says Military Has Zero Real-Time Situational Awareness of Its Networks

3 Jun 2010

The new chief of U.S. Cyber Command, Gen. Keith Alexander, spoke at my alma mater CSIS in Washington, DC, this morning, and while he purposefully did not make any real news, he had some interesting comments on the policy issues surrounding the new (combatant?) command.

I find it a bit amusing when military officials make declarative statements such as “we will defend our cyberspace.” Okay, well, how are you going to defend cyberspace and still maintain functionality when so much of the military’s network resides on private sector networks? He didn’t explain that one very well; he did throw in the completely useless and overused descriptor “full spectrum” cyber operations.

I think the most interesting thing he said was that the military has zero real-time situational awareness of its networks. Hmmm, that’s not good. Most attacks are discovered after the fact, he said, when the forensic folks come in to clean up the mess. At that point it’s too late to do much other than learn what vulnerabilities might have been revealed, for example that using jump drives to transfer data between non-secure and secure computers might also pass along a bug.

Alexander said the military simply lacks a common operational picture of its networks (I wonder if China lacks SA of DOD networks).

On the subject of rules of engagement, Alexander was understandably reluctant to get too far into that one, as it appears to be constantly shifting, but he did say that there would be very different ROE during peacetime and wartime. Like ROE in war zones, I’m sure CYBERCOM will maintain an ambiguity around that one to allow it certain freedom of operations.

Like any good military official, he addressed the more complex issues facing his command by framing them in the form of a question. Such as: What if an adversary uses a neutral state’s networks to bounce their cyber attack through? And, what are the ROE when the U.S. homeland is under attack?

On the issues of civil liberties and privacy, Alexander said the key is oversight by government agencies, the courts and Congress. I’m predicting now that CYBERCOM will someday have the largest collection of JAG officers of any command.